
NIOC MARYLAND ADVANCED COMPUTER 
NETWORK OPERATIONS COURSE 



Coordinated by 




NAVIOCOM Maryland 



Center ofExcellence for Non-Kinetic Options 



1 




SECRET//REL TO USA 



Title 



Content 



NAVIOCOM Maryland 



SECRET//REL TO USA, 



.cRATIOA/i 




Center ofExcellence for Non-Kinetic Options 



CAN, GBR, NZL 



/ 



2 




SECRET//REL TO USA , AUS , CAN , GBR, NZL 



.cRATIOA Is 



WHY ARE WE TEACHING THIS? 




• 5 Pillars of IO: 

- OPSEC 

- MILDEC 

- MISO 

- EW 

- CNO 

• The next major conflict will start in cyberspace 

- Whether we recognize the signs is another matter 

- Recent conflicts have already shown the importance of CNO (Russia/Georgia) 

- Think China will make a move on Taiwan without bringing down their communications 

networks? 

• As IW officers (or IDC) - we are expected to know and understand 
CNO and communicate with decision makers 

• Recently announced plans from Command in Chief and Pentagon 
officials emphasize cyber space operations 

• Basic 1810/IDC quals are a good foundation, but CO/XO want you to 
know more about CNO 
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Course Overview 




Wednesday , April 11th 

Location: 0PS2B 
2B4118-1 

Time 

0730-0900 

0900-1000 

1000-1100 

1100-1200 

1200-1300 

1300-1400 

1430-1500 



Topic 

CNO Intro/ TAO Overview 

Analysis 

EAO 

Lunch 

lOD/Scanning 

DNT 

TAO Brief/Tour 



Briefer 
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Course Overview 




Thursday, April 12th 
Location: OP52B 2B4118- 
3 



Time 

0800-0900 

0900-1000 

1000-1030 

1030-1100 

1100-1130 

1130-1300 

mBlVKDmM Maryland 



Topic 

CND Intro/Threat Brief 
Red Team Brief 
Blue Team Brief 




CTR1 Brown/ CTR1 
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Course Overview 




Friday , April 13 th 

Location: 0PS2B 
2B4118-3 



Time 



Topic 



0800-0900 

0900-1000 

1000-1100 

1100-1200 

1200-1400 

1400-1430 



POD 

OCO 

Legal Authorities 
Lunch 

PKC/PKI (Asymmetric Encryption) 
Debrief/Discussion 



Briefer 
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^ CND 

CNA 

CNE 




•Automated 



Class II 



•Interactive 





DoD Global Information 
GIG Operations 
(DGO) 




Human-enabled 



•Proximal Access 
■Physical Interdiction 
■Multi-Staged 
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DoD Global Information Grid Operati 




Pillars of Information 
Assurance 



Confidentiality 

Integrity 

Availability 

Non-Repudiation 

Authentication 
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Direct and synchronize actions to detect, analyze, counter and 
mitigate cyber threats and vulnerabilities 




Defensive Cyberspace Opera 




Protect critical missions, enable freedom of action in cyberspace 



• Flexible response, incorporating Title 10 and Title 50 authorities, 
to defend the GIG 



Responsible Organizations: 
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Offensive Cyberspace Operatio 




Who: 




Enabling and attack effects in cyberspace 



Support national and CCDRs’ objectives via cyber actions 
Remote Operations Center, civilians and military personnel 
Enables active defense against cyber actors/adversaries 



ROC Relationships: 



Remote 

Operations 

Center 




USCYBERCOM 

tasks 



NSA/CSS 

controls 



Navy's Role: 
Force Provider 
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Directorate (ITD) 



iCtorate u 

Outline 




• TAO Overview 

- Mission Aligned Cells (MAC) 

• Manning / Placement 

• Department Operations 

- Summary 

- Examples: Russia & Lebanon 

- Joint Cyber Attack Team 

- N CAT Vision 

- Afloat CNO 

• Discussion Topics 
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rganization 
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Requiremen 
ts & 

Targeting 

Manage ops 
requirements 
Perform target 
development 



Remote 

Operations 

Center 

Conduct On-net 
ops (exploit, 
collect, geo- 

locate) 



Data 

Network 

Technologie 

s 

Develop 
operational 
concepts and 
software 
implants to 
exploit 
computer 
networks 



Telecommuni 

cations 

Network 

Technologies 

Develop 

operational 
concepts and 
software implants 
to exploit phone 

switches 
Develop network 

warfare 



Network shaping ; 



Access 
Technologie 
s & 

Operations 

Conduct 
physical access 

(off-net) 

operations 

Conduct 

expeditionary 

CNO 

Develop 



f/rm vyafa 
implapts.-tp- 

^complex' 

net^jprks- 



Mission 

Infrastructu 

re 

Technologie 

s 

Design, 

development 
and delivery of 
the end-to end 

infrastructure 
that supports 

GENIE 
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Concept: 

• T AO recently completed a major effort to align resources from 
R&T, ROC, DNT and MIT into mission focused teams. 

• Mission Aligned Cells 

- Teams composed of operators, analysts and developers working together to focus on 
a specific target set. 

• Allows TAO to efficiently resources on high-priority projects and 
targets. 

Current MAC’S: 

• China/North Korea (NS AW, NS AH) 

• Iran (NSAW, NSAG) 

• Russia (NSAW, NS AH) 

• Cyber Counterintelligence (CCI) (NSAW, NSAG, NSAT, NSAH) 

• Counterterrorism (CT) (NSAW, NSAG) 

• Target Service Provider (TSP) (NSAW, NSAT) 

• Regional Targets (RT) (NSAW, NSAT) 
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Requirements & 1 


Remote 


Data Network T ele com mini cations 


Access 


Mission 


Targeting 


Operations 


Technologies Network 


Technologies & 


Infrastructure 




Center 


Technologies 


Operations 


Technologies 



S32: 

Staff (2/2/0) 



Leadership Positions: 

• Deputy Chief, TAO 

CAPT^^^M 

• TAO Cyber Operations Integrated 
Lead (COIL) 

• Principle advisor to TAO leadership 
for operational cyber issues 



[Billet Description (BA/COB/Deployed)] 
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S327: 

R&T Influence (8/6/0) 

Endpoint Exploitation (57/35/0) 



Leadership Positions: 

LCDR 

• D/Chief, CT & Afghanistan 

LCDR 

• In training - slated for Hard Targets Division, DPRK 

Branch 

• CNO Coordinator - China/DPRK Branch 



[Billet Description (BA/COB/Deployed)] 
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_ Directorate (ITD) 

Remote Operations Center 




■■I 






TAO 



S32h 

ROC Influence (9/9/0) 

Lead (3/3/0) 

Interactive Operator (49/26/0) 
Production Operator (25/14/0) 



Leadership Positions: 

• Deputy Chief, ROC 

• D-Chief, STO 



Requirements & 


Remote 


Data Network Tele com mini cations 


Access 


Mission 


LT | 


Targeting 


Operations 


Technologies Network 




Infrastructure 




Center 


Technologies 


Operations 


Technologies 


• ( 



CTNCS 

• ROC SER 

• Chief, Cyber Operations Branch 

LTJG^^^m 

• Tech Lead, Cyber Operations Branch 



[Billet Description (BA/COB/Deployed)] 
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Leadership Positions: 

• Chief, Cyber Technologies Branch 

• Chief, Engineering Services Division 



S323: 

Development (Officer) (2/2/0) 
Development (Enlisted) (16/6/0) 



[Billet Description (BA/COB/Deployed)] 
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Requirements & 
Targeting 



TAO 



Remote 


Data Network T ele com mini cations 


Access 




Operations 


Technologies Network 


Technologies & 




Center 


Technologies 


Operations 






Leadership Positions: 




• Chief, Operations Branch 

• D-Chief, EAO 



S328i 

ATO (Officer) (4/4/0) 
ATO (Enlisted) ( 23/15/1 ) 



[Billet Description (BA/COB/D eployed)] 
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S325 - Mission Infrastructure Technologies: 

Infrastructure (Enlisted) (7/1/0) 

S352 - Global Access Operations: 

Global Access (Officer) (0/1/0) 

Global Access (Enlisted) (1/1/1) 



10 Dept Summary: 

Officers ** 

• 28 BA / 26 COB = 93% 

Enlisted 

• 182 BA / 101 COB = 55% 



**2/9 CS P-coded officer billets filled; need M.S. 
Computer Science personnel 



[Billet Description (BA/COB/D eployed)] 
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Directorate (ITD) 

perations 



Weekly Interactive CNE 

operations 



ALL 




Operators 


Ops Conducted 


All 


208 


100.00% 


2588 


100.00% 


CIV 


70 


33.65% 


1059 


40.92% 


NAVY 


52 


25.00% 


674 


26.04% 


AF 


44 


21.15% 


343 


13.25% 


ARMY 


29 


13.94% 


376 


14.53% 


USMC 


11 


5.29% 


108 


4.17% 


USCG 


2 


0.96% 


28 


1.08% 



NAVY 




Operators 


Ops Conducted 


NAVY 


52 


100.00% 


674 


100.00% 


NIOC-M 


28 


53.85% 


292 


43.32% 


NIOC-T 


10 


19.23% 


133 


19.73% 


NIOC-G 


8 


15.38% 


107 


15.88% 


NIOC-H 


6 


11.54% 


142 


21.07% 
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Target Sets - R&T 

Analysts 

China 

Russia 

Iran 

Afghanistan 

Pakistan 

India 

Iraq 

Counterterrorism 

Cyber 

Counterintelligence (CCI) 

Supporting Roles 

ROC Senior Watch 
Officers 

Development 



> CAN, GBR, NZL 
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MAC: Mission Aligned Cell - puts analysts and operators together to increase target familiarity and 
efficiency of operations 

• Joint military and civilian entity 
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_ _ Directori 

Target Example: 



Current TAO Targets 

- Political 



leadership to include Ministry of 
Interior, Parliament Members, and 
Presidential Palace 



- Military 

• Former Commander of I 

Force\ 



Common Border 



Col. | 
Gen. 
Gen. 
Col. I 




| IT Directorate 
Medical Comman 
- (affiliation unknown) 

- Instructor, Army Staff 



and Command College 



|- Defense Ministry 



Recent Reporting 

- Armed Forces Reviewed 

Personnel Issues Regarding Retirement, 
Communications, and Health Care 













mmm 

' ' 51300 
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60.1.1 - NROC 





FLEET FOCUS 



Framework and 
support for Navy 
requirements 



w 



Provides structure to 
develop holistic Navy 

capabilit 







CTE Manning 



r \ 

Unix and Windows Operators: 

Exploiter Qualified 
(Minimum Requirement) 

Router and Firewall Operators : 

May shift between CTE's depending on 
operator specialty and mission requirement 



CTE 

Mission 

Commander 







JOINT FOCUS 



Navy support to joint 
priorities 



Support five (5) Combined Task Elements 






, i 



Structure supports 
manning requirements 
levied on Navy 



V 


CTE 




CTE 




CTE 




CTE 




CTE 


i 

i 

i 


CND-RA 




1060.1.1.1 




1060.1.1.2 




1060.1.1.3 




1060.1.1.4 




1060.1.1.5 


1 

i 


1020.6.1 






Mission Alignment 



NCAT 

Service-led JCAT 
JCAT Support 
Service CNE Support 



















JCAT Concept of 
Operations: 

• Assembled for Title 10 
execution support 

• Mission Commanders and 
Operators provide full- 
time support to CNE 
operations outside of 

JCAT 

Reguitemeirtsi 

• CAUI Support 

• 1 Mission Commander 

• 2 CNA Operators 

• TASKORD 11-0335 

• 3 Mission Commanders 

• 7 n ri\IA Dn^r^tnrc: 



Current Navy. Participation: 

• Mission Commanders: 

• LTJG 

• Qualification based on JQS administered 
by the Cyber Operations Branch 

• Five (5) additional officers in training 

• Operators: 

• Working to certify all qualified 
Interactive Operators for JCAT 

• Requires LOAC/ROE Briefing and Tool 

Training 
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AUTEC testing with USS Annapolis . 18 NOV 2011 



• Interactive Operations 

- Connection via: 
NEPTUNETHUNDER, 
BLINDDATE/HAPPYHOUR 

- Successful exploits at 4, 6, 
and 8 NM with 4 watt 
/Access Point (AP). 

- Predict max connection 
distance to standard 100 
mwAP to be 4 NM. 



• Man On the Side 
Operations 

- Inject using: 

BLINDDATE/NITESTAND 

- Successful inject at 4 NM to 
100 mw client computer. 
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CYPHER TEXT 




ACTIVE SEGMENT 
WIRELESS 
ADAPTOR 



GW: 

NETMASK; 

VLAN: 



ENCRYPTED NETWORK 
UNENCRYPTED NETWORK 
RECEIVE ONLY 
TRANSMIT AND RECEIVE 



NODE SECK6T TITLE; 



NAVY BLINDDATE SYSTEM 
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Network Operations - Overview 



Overall classification of this brief is: 



1 MCA/rccM i 






L/CI 1 VCU I 1 tMM. IW l w l — X — 

Derived Froctofil&tfi&WtoS 
Declass)f?iU)f l iS9SS9$9 > 


? 
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Networking Fundamentals 




• Describe the following network component/terms: 



- Proxy Server: 

• An intermediary computer that completes application network requests on behalf of a 

host. 

- Router 

• A layer 3 device used to route traffic between networks 

- File Server 

• A server dedicated to the hosting and sharing of files. 

- Perimeter Network 

• The network segment located between LAN and Internet, used to place Internet facing 
services like Web and Mail Servers. 

- Internet 

• The aggregate of publicly connected networks implementing the IP addresses 



NAVIOCOM Maryland 
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Networking Fundamentals 




• Describe the following network component/terms: 

- Intranet 

• A private network not normally accessible through the internet. 

- Firewall 

• A mechanism to filter network traffic using rules based on attributes like source, 
destination, packet type, port, and session status. 

- IDS (Intrusion Detection System): 

• Network traffic analyzer that uses patterns to detect malicious activity. 

- TACACS (Terminal Access Controller Access Control System). 

• Provides authentication, authorization, and accounting control to network devices via 
central server. 

- RADIUS (Remote Authentication Dial In User Service) 

• Authentication protocol for remote users to access network resources via network 
access methods like Dial-in, VPN, DSL, and WAP. 



NAVIOCOM Maryland 
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Networking Fundamentals 




• Define the following cross domain solutions: 



- High Assurance Guards 

• Connects networks operating within different security domains. Filters traffic like a 
firewall but operates on all levels of the TCP/IP stack. 

- SABI (Secret and Below Interoperability) 

• Connection of Secret Security Domain to Security Domains of lesser classification 

levels. 

- TSABI (Top Secret and Below Interoperability) 

• Connection of Top Secret Security Domain to domains of lesser classification levels. 

- Bastion Host 

• A host on an internal network that is also publicly exposed to the Internet or another 
public network. Usually used for service hosting (web, email, etc) or as part of a 
firewall solution. 



NAVIOCOM Maryland 
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Networking Fundamentals 




• Describe the location of the following components in a simple networked 
environment: 

a. Proxy Server 

b. Router 

c. Firewall 
of. Workstation 

e. DMZ 

f. Switch 
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Wireless Networking 




• Define wireless networking to include the following aspects: 



- Wireless Access Point 

• Wired to Wireless bridging. 

- 802.11 Protocols 

• The set of layer 1 & 2 protocols defining the RF physical layer and media access 

control. 

STANDARD Frequency Range Modulation Method Bit Rate . 



802.11a 


5.0 GHz 


OFDM 


54 Mbps 


802.11b 


2.4 GHz 


DSSS 


11 Mbps 


802. Ug 


2.4 GHz 


OFDM 


54 Mbps 


802. lln 


2.4 or 5 GHz 


SDM 


600 Mbps 



• Other wireless technologies in the 2.4 GHz range include Bluetooth (802.15), cordless 
phones, microwaves, baby monitors, etc... 

- MAC Filtering 

• Only defined hardware addresses can connect to network 
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Networking Fundamentals 




• Define the following application protocols/services and identify their port 
numbers: 

- Telnet: TCP 23 

- NTP (Network Time Protocol): TCP/UDP 123 

- NetBEUI (NetBIOS Extended User Interface): Non routable transport protocol used in pre- 
WinXP LAN’s. 

- Net BIOS (Network Basic Input/Output System): TCP/UDP 139 

- FTP (File Transfer Protocol): TCP 21 

- POP3 (Post Office Protocol 3): TCP 110 

- RPC (Remote Procedure Call): 

• SUN/UNIX: TCP 111, 32771 

• WIN: TCP/UDP 135 

- HTTP (Hypertext Transfer Protocol): TCP 80 
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Networking Fundamentals 




• Define the following application protocols/services and identify their port 
numbers (continued...) : 



- SMTP (Simple Mail Transfer Protocol): TCP 25 

- DNS (Domain Name System): TCP/UDP 53 

- SNMP (Simple Network Management Protocol): UDP 161 

- SSL (Secure Socket Layer): Presentation Layer protocol for use by applications to secure 
communications 

- SSH (Secure Shell): TCP 22 

- TFTP (Trivial FTP): UDP 69 

- HTTPS (HTTP Secure): TCP 443 

- FTPS (): 

- DHCP (Dynamic Host Configuration Protocol): UDP 67 
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Network Layer Protocols 



• Define the following network layer protocols to include their relationship to 
TCP/IP: 

- ip 

• Layer 3 (Network) used for network addressing and routing 

- TCP 

• Layer 4 (Transport) used for application session and reliable delivery 

- UDP 

• Layer 4 (Transport) used for application communication. 

- ARP 

• Layer 2 (Link) used for Mapping IP addresses to MAC Addresses 

- RARP 

• Layer 2 (Link) used for Mapping MAC addressees to IP Addresses 

- ICMP 

• Layer 3 (Network) used for Network Diagnostics 
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OSI Model 




• List and describe the 7 layers of the OSI Model: 



a 

Encapsulation 




MAC Header Data FC5 



T_J H 



11001 0101 1010 



Layer Maine 




layer No. Function 


Examples 


Application 




layer 7 


User Interface 


T<tln« 

HTTP 








Pir«ent4Jtion 


Layer G 


Encryption nnrf Qthfif Processing 


JPEG 

ASCII7 












Sessiun 


n 


Layer 5 


Manages Multi pl-e Application* 


OS 

SchiMluling 












Transport 


i 


Layer 4 


Provides Reliable end Unreliable 


TCP 


"1 Routers 

J t -^ 

Switches 


Delivery ahii Error Correction 


UDP 












Layer 3 


Provides Logical Addressing 
Usad by Rdulirfs 


ip 

IPX 










Data UnL 


¥_ 1 


Layer 2 


Access E nespoints with MAC 
Address Error Duteciian Corcfrctioii 


802/3 

HOLC 




1 Cabling 






Physical 


Layer 1 


Specific* Voting**. Wire Spmid, 
and Pm-Qui Cables 


FiA/T(A ?3l 
V.35 






a 

De-Encapsulation 
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TCP/IP Model 




• List and describe the 4 layers of the TCP/IP Model to include how they 
relate to the OSI Model: 



- The TCP/IP model combines 
the Session and Presentation 
layers with the Application 
layer. It is assumed if a 
program has need of layer 5 or 
6 functionality, then the 
program will have to provide it. 



TCP/IP 


OSI 


APPLICATIONS 




Application Layer 




Presentation Layer 








Session Layer 


Transport Layer 
TCP and UDP 




Transport Layer 


Network Layer 
IP 




Network Layer 


Data Link Layer 




Data Link Layer 


Physical Layer 




Physical Layer 



7 

6 

5 

4 

3 

2 

1 
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TCP 3-Way Handshake 




• Define and illustrate the TCP 3-Way Handshake 



- The 3 -Way handshake is the method 
that all TCP sessions use to initialize 
connections and session parameters. It 
follows the sequence SYN, SYN-ACK, 
ACK. Application data can begin sending 
with the final ACK packet. 




A 



Computer A sends a 
synchronize message 
to B containing a 
sequence number; 

seq= 100- 



Computer B 
acknowledges 
that it received 
the message by 
incrementing 
the sequence 
number {called 
an "ACK") It also 
sends its own 
sequence; 
ack=101 , syn=30O 



Computer A receives 
the Ack it expects and 
the connection is now 
established. 
All communication will 
now send incremented 
syns and acks to ensure 
a good connection; 
syn-102, ack-301 
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TCP Flags 



• Define and briefly describe the use of the following TCP flags: 

- SYN: Used to initialize the TCP by setting the packet sequence number 

- ACK: Used to acknowledge receipt of all package sequences up the number indicated 

- PSH: Indicates that that all data already received should be given to the application as soon 
as possible. Flushes the buffer. 

- URG: Urgent Data. Commonly used for interrupts. 

- FIN: Indicates there is no more data to send from that end of the connection. Session 
closes after both ends acknowledge FINs 

- RST: Immediate termination of connection. Commonly used to indicate unavailable 



service. 
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Protocol Headers 




Define and describe the structure of the following protocol headers: 

- IP 0 



15 16 



SI 



4-bit 

version 


4-bit header 
length 


8-bit type of service 
(TOS) 


16-bit total length {in bytes) 


16-bit identification 


3-bit 

flags 


1 3-bit fragment offset 


8-bit time to Live 
(TTL) 


-bit protocol 


1 6-bit header checksum 






32-bit source IP address 



32-bit destination IP address 



/ 



options (if any) 



7 



data 



20 bytes 



/ 



/ 
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Protocol Headers 







Define and describe the structure of the following protocol headers: 

- TCP 0 15 16 31 



16-bit source port number 


16-bit destination port number 


J 

20 1 
1 


* 

>yles 

r 


32-bit sequence number 


32-blt acknowledgment number 


4 -bit header reserved 1 w f- ^ c v ^ 

length (6 bits) ]G K H T N N 


16-bit window size 


16-bit TCP checksum 


16-bit urgent pointer 







7 options (if any) 7 



/ data (If any) 7 



NAVIOCOM Maryland 



Center ofExcellence for Non-Kinetic Options 



SECRET//REL TO USA, AUS, CAN, GBR, NZL 



43 




SECRET//REL TO USA, AUS, CAN, GBR, NZL 



Protocol Headers 




Define and describe the structure of the following protocol headers: 

- UDP 



0 



15 16 



31 



16 -bit source port number 


16 -bit destination port number 


16-bil UrcPlcnfith 


lb-bit UDP checksum 



T 

8 bytes 

i 



/ 



data (if any) 
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MAC Addressing 




• Discuss the following as it pertains to MAC Addressing: 

- LENGTH OF MAC ADDRESS IN BITS: 48 

- DISPLAY OF MAC ADDRESS: Hexadecimal Format 00:8e:f0:59:31:ae 

- LOCATION OF MAC ADDRESS: First 48 bits in message 

- MANUFACTURER SPECIFIC BITS: First 3 Octets 

- HOST SPECIFIC BITS: Last 3 Octets 



OUI 



1st octet 


2nd octet 


■3rd octet 


■Mh octet 


SUi octet 


6lti octei 


ion nt 


m-3[ 


01110101 


Hoorn 


01011111 


01 ODDI 01 


01111010 



( i/I /irrln/Mlml) !i:1 

G*l (globai.locai) bit 
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ARP 



• Discuss the following as it pertains to ARP: 

- ADDRESS RESOLUTION: 



• ARP (Address Resolution Protocol) facilitates the mapping between hardware 
addresses (MAC Address) and logical network addresses (IP Addresses). This 
mapping can be stored in a file or can determined through ARP broadcast requests on 
a local network. 
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ICMP 



• Discuss the following as it pertains to ICMP: 

- ICMP is a protocol that defines a collection of message types commonly used for network 

diagnostics. 



• Layer of the OSI model: ICMP (usually) consists of Layer 3 (Network) messages 
transported by IP. 

• Ping: Message Type 8 (request) and 0 (reply). Used to determine if a device is active 
on the network. 

• Traceroute: Uses a combination of the IP time-to-live (TTL) field and the ICMP 
messages 11 (time exceeded) and 3.3 (port unreachable) to determine the route a 
packet takes through the network. 
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Routing Table 




• Discuss the routing table as it pertains to the router: 



- The Routing Table Stores what networks are reachable through each interface along with 
metadata about that route. 



1 0.1.0.0 10,2. 0.0 10,3 .0.0 10,4.0. 0 

E0 A PSO 7 - B Psi 7 — ^ C I EO 



Routing Table 


10.3.0.0 


SO 


0 


10.4.0.0 


EO 


0 


10.2.0.0 


SO 


1 


10.1.0.0 


SO 


2 



Routing Table 


10.1.0.0 


EO 


0 


10.2.0.0 


SO 


0 


10.3.0.0 


SO 


1 


10.4.0.0 


SO 


2 



Routing Table 


10.2.0.0 


SO 


0 


10.3.0.0 


SI 


0 


10.4.0.0 


SI 


1 


10.1.0.0 


SO 


1 
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IP Addressing 




• Discuss the following as it pertains to ranges of IP addressing: 






Classful networks were the original method of 
distributing address groups to organizations. 

• Class A: First 8 bits for Network ID and the last 
24 bits for Host ID. 

• 126 Networks : 16,277,214 Hosts/net 

• Class B: First 16 bits for Network ID and the last 
16 bits for Host ID. 

• 16,384 Networks : 65,534 Hosts/net 

• Class C: First 24 bits for Network ID and the last 
8 bits for the Host ID. 

• 2,097,152 Networks : 254 Hosts/net 
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TCP/IP 




• Discuss the following as it pertains to TCP/IP: 



- Number of bits in an IP address: 32 

- Number of octets contained in an IP address: 4 



0 


s 


1 16 24 32 






l 1 1 




KU.ew.-irl ID 


Not# lt> 


□ 


(tuts 2 *o -G| 


[2J B.1-,1 1 



Nefwcrk ID 
[bill 3 to Idj 



htosl ID 
| (6 bits) 



Nijlwcik ID 
Ml 4 N> 24| 



Ho*i 0 
13 bits) 



Mdfrasl G io.>o Adeem 
|2* bits) 



Fspcfir-^rrtcJ Addnws ID 
Ibiis 5 lo 321 



Class A Address 
Class B Address 
Class C Address 
Class D Address 
Class E Address 



• IPv6 has 128 bits, roughly a 300 trillion 300 trillion more 

- 90, 000, 000, 000, 000, 000, 000, 000, 000, 000 times the space of IPv4 
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Networking Fundamentals 


EL Jsri 



• Discuss the following as it pertains to the following protocols: 

- TCP 

- UDP 
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IP Subnets 




• Discuss the following as it pertains to IP Subnets: 

- Number of bits used in a subnet mask. 

- How the subnet mask identifies the network portion of the of the IP address. 

- Borrowing bits from the host portion of the address. 

- Benefits of subnetting. 



O & 16 24 3*2 



Clou C h4er-voH: 
200 13 .9-A O 



0 Subn c l ID 1 Bits 

6 Host ID Bila 
| I Subnet. 

2 5 *4 Hoiisji 

1 Subn-n-1 ID Bit 

7 Hfwi ll> RHi 
f 7 Subnets. 

I Ho Eoch] 



1 1 


1 
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|B bite] 
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0 


TT7 
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0 


0 


0 


0 


0 




01 


0 


0 


1 


n 


0 


0 




0 


jo 0 O 0 0 0 0 0 


! 23S 


255 








255 




■ 



0 


1 


□ 


jl 


n_ 


0 


0 


0 


0 


JJ 


0 


0 


0 


0 


0 


0 


0 
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0 


0 


- 1 
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0 


0 


□ O 0 0 0 □ o 


! 255 
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TELNET 




Discuss the following as it pertains to TELNET. 

- Use: Create a Network Virtual Terminal session on 

- Type of connection: TELNET uses TCP as 

- Default port number: 23 




■ 



■ 
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Questions 



• Questions? 
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